@abtnode/core 1.7.25 → 1.8.0

package/lib/api/team.js

@@ -1,13 +1,15 @@
 const { EventEmitter } = require('events');
 const pick = require('lodash/pick');
 const logger = require('@abtnode/logger')('@abtnode/core:api:team');
-const { ROLES, genPermissionName, EVENTS, WHO_CAN_ACCESS } = require('@abtnode/constant');
+const { ROLES, genPermissionName, EVENTS, WHO_CAN_ACCESS, PASSPORT_STATUS } = require('@abtnode/constant');
 const { isValid: isValidDid } = require('@arcblock/did');
 const { BlockletEvents } = require('@blocklet/meta/lib/constants');
 const { validateTrustedPassportIssuers } = require('../validators/trusted-passport');
 const { validateCreateRole, validateUpdateRole } = require('../validators/role');
 const { validateCreatePermission, validateUpdatePermission } = require('../validators/permission');
 
+const MAX_USER_PAGE_SIZE = 100;
+
 const validateReservedRole = (role) => {
   if (Object.values(ROLES).includes(role)) {
     throw new Error(`The role ${role} is reserved`);
@@ -68,29 +70,37 @@ class TeamAPI extends EventEmitter {
     return doc;
   }
 
-  async getUsers({ teamDid }) {
+  async getUsers({ teamDid, query, paging: inputPaging, sort }) {
     const state = await this.getUserState(teamDid);
 
-    const list = await state.getUsers();
-
-    return list.map(
-      (d) =>
-        pick(d, [
-          'did',
-          'pk',
-          'role',
-          'email',
-          'fullName',
-          'approved',
-          'createdAt',
-          'updatedAt',
-          'passports',
-          'firstLoginAt',
-          'lastLoginAt',
-          'remark',
-        ])
-      // eslint-disable-next-line function-paren-newline
-    );
+    if (inputPaging?.pageSize > MAX_USER_PAGE_SIZE) {
+      throw new Error(`Length of users should not exceed ${MAX_USER_PAGE_SIZE} per page`);
+    }
+
+    const { list, paging } = await state.getUsers({ query, sort, paging: { pageSize: 20, ...inputPaging } });
+
+    return {
+      users: list.map(
+        (d) =>
+          pick(d, [
+            'did',
+            'pk',
+            'role',
+            'email',
+            'fullName',
+            'approved',
+            'createdAt',
+            'updatedAt',
+            'passports',
+            'firstLoginAt',
+            'lastLoginAt',
+            'remark',
+            'avatar',
+          ])
+        // eslint-disable-next-line function-paren-newline
+      ),
+      paging,
+    };
   }
 
   async getUsersCount({ teamDid }) {
@@ -99,6 +109,28 @@ class TeamAPI extends EventEmitter {
     return state.count();
   }
 
+  async getUsersCountPerRole({ teamDid }) {
+    const roles = await this.getRoles({ teamDid });
+
+    const state = await this.getUserState(teamDid);
+
+    const res = [];
+
+    const all = await state.count();
+    res.push({ key: '$all', value: all });
+
+    for (const { name } of roles) {
+      // eslint-disable-next-line no-await-in-loop
+      const count = await state.count({ passports: { $elemMatch: { name, status: PASSPORT_STATUS.VALID } } });
+      res.push({ key: name, value: count });
+    }
+
+    const none = await state.count({ passports: { $size: 0 } });
+    res.push({ key: '$none', value: none });
+
+    return res;
+  }
+
   async getUser({ teamDid, user }) {
     const state = await this.getUserState(teamDid);
 

package/lib/blocklet/manager/disk.js

@@ -10,7 +10,7 @@ const capitalize = require('lodash/capitalize');
 const { Throttle } = require('stream-throttle');
 const LRU = require('lru-cache');
 const joi = require('joi');
-
+const { sign } = require('@arcblock/jwt');
 const { isValid: isValidDid } = require('@arcblock/did');
 const { verifyPresentation } = require('@arcblock/vc');
 const { toBase58, isHex } = require('@ocap/util');
@@ -45,6 +45,7 @@ const toBlockletDid = require('@blocklet/meta/lib/did');
 const { validateMeta } = require('@blocklet/meta/lib/validate');
 const { update: updateMetaFile } = require('@blocklet/meta/lib/file');
 const { titleSchema, descriptionSchema } = require('@blocklet/meta/lib/schema');
+const hasReservedKey = require('@blocklet/meta/lib/has-reserved-key');
 
 const {
   BlockletStatus,
@@ -101,7 +102,6 @@ const {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
-  verifyPurchase,
   findAvailableDid,
   ensureMeta,
 } = require('../../util/blocklet');
@@ -172,13 +172,15 @@ class BlockletManager extends BaseBlockletManager {
   /**
    * @param {*} dataDirs generate by ../../util:getDataDirs
    */
-  constructor({ dataDirs, registry, startQueue, installQueue, daemon = false }) {
+  constructor({ dataDirs, registry, startQueue, installQueue, daemon = false, teamManager }) {
     super();
 
     this.dataDirs = dataDirs;
     this.installDir = dataDirs.blocklets;
     this.startQueue = startQueue;
     this.installQueue = installQueue;
+    this.teamManager = teamManager;
+
     /**
      * { did: Map({ <childDid>: <downloadFile.cancelCtrl> }) }
      */
@@ -209,9 +211,17 @@ class BlockletManager extends BaseBlockletManager {
   // ============================================================================================
 
   /**
-   * @param {Object} params
-   * @param {string} params.installId
-   * @param {string} params.sync default: false
+   *
+   *
+   * @param {{
+   *  url: string;
+   *  sync: boolean = false;
+   * }} params
+   * @param {{
+   *  [key: string]: any
+   * }} context
+   * @return {*}
+   * @memberof BlockletManager
    */
   async install(params, context) {
     logger.debug('install blocklet', { params, context });
@@ -245,7 +255,6 @@ class BlockletManager extends BaseBlockletManager {
   /**
    * @param {String} rootDid
    * @param {String} mountPoint
-   * @param {Boolean} context.blockletPurchaseVerified
    *
    * installFromUrl
    * @param {String} url
@@ -259,8 +268,13 @@ class BlockletManager extends BaseBlockletManager {
    * Custom info
    * @param {String} title custom component title
    * @param {String} name custom component name
+   *
+   * @param {ConfigEntry} configs pre configs
    */
-  async installComponent({ rootDid, mountPoint, url, file, did, diffVersion, deleteSet, title, name }, context = {}) {
+  async installComponent(
+    { rootDid, mountPoint, url, file, did, diffVersion, deleteSet, title, name, configs, downloadToken },
+    context = {}
+  ) {
     logger.debug('start install component', { rootDid, mountPoint, url });
 
     if (file) {
@@ -268,7 +282,17 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     if (url) {
-      return this._installComponentFromUrl({ rootDid, mountPoint, url, context, title, did, name });
+      return this._installComponentFromUrl({
+        rootDid,
+        mountPoint,
+        url,
+        context,
+        title,
+        did,
+        name,
+        configs,
+        downloadToken,
+      });
     }
 
     // should not be here
@@ -317,7 +341,7 @@ class BlockletManager extends BaseBlockletManager {
     const did = get(vc, 'credentialSubject.purchased.blocklet.id');
     const registry = urlObject.origin;
 
-    return this._installFromStore({ did, registry }, { ...context, blockletPurchaseVerified: true });
+    return this._installFromStore({ did, registry }, context);
   }
 
   async start({ did, throwOnError, checkHealthImmediately = false, e2eMode = false }, context) {
@@ -684,7 +708,7 @@ class BlockletManager extends BaseBlockletManager {
 
     if (!attachRuntimeInfo) {
       try {
-        const blocklet = await this.ensureBlocklet(did);
+        const blocklet = await this.ensureBlocklet(did, { throwOnNotExist: false });
         return blocklet;
       } catch (e) {
         logger.error('get blocklet detail error', { error: e.message });
@@ -833,6 +857,10 @@ class BlockletManager extends BaseBlockletManager {
   async upgrade({ did, registryUrl, sync }, context) {
     const blocklet = await states.blocklet.getBlocklet(did);
 
+    if (!registryUrl && blocklet.source === BlockletSource.url) {
+      return this._installFromUrl({ url: blocklet.deployedFrom }, context);
+    }
+
     // TODO: 查看了下目前页面中的升级按钮，都是会传 registryUrl 过来的，这个函数里的逻辑感觉需要在以后做一个简化
     if (!registryUrl && blocklet.source !== BlockletSource.registry) {
       throw new Error('Wrong upgrade source, empty registryUrl or not installed from blocklet registry');
@@ -1202,14 +1230,17 @@ class BlockletManager extends BaseBlockletManager {
     return rootBlocklet;
   }
 
-  async ensureBlocklet(did, { e2eMode = false, validateEnv = true } = {}) {
+  async ensureBlocklet(did, { e2eMode = false, validateEnv = true, throwOnNotExist = true } = {}) {
     if (!isValidDid(did)) {
       throw new Error(`Blocklet did is invalid: ${did}`);
     }
 
     const blocklet = await states.blocklet.getBlocklet(did);
     if (!blocklet) {
-      throw new Error(`Can not find blocklet in database by did ${did}`);
+      if (throwOnNotExist) {
+        throw new Error(`Can not find blocklet in database by did ${did}`);
+      }
+      return null;
     }
 
     // app settings
@@ -1311,7 +1342,12 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     try {
-      let blocklet = await this.ensureBlocklet(did);
+      let blocklet = await this.ensureBlocklet(did, { throwOnNotExist: false });
+
+      if (!blocklet) {
+        return null;
+      }
+
       const fromCache = !!cachedBlocklet;
 
       // if from cached data, only use cache data of runtime info (engine, diskInfo, runtimeInfo...)
@@ -1408,7 +1444,21 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
-  async onDownload({ blocklet, context, postAction, oldBlocklet, throwOnError }) {
+  /**
+   *
+   *
+   * @param {{
+   *  blocklet: {},
+   *  context: {},
+   *  postAction: 'install' | 'upgrade' | 'downgrade',
+   *  oldBlocklet: {},
+   *  throwOnError: Error
+   * }} params
+   * @return {*}
+   * @memberof BlockletManager
+   */
+  async onDownload(params) {
+    const { blocklet, context, postAction, oldBlocklet, throwOnError } = params;
     const { meta } = blocklet;
     const { name, did, version } = meta;
 
@@ -1433,7 +1483,7 @@ class BlockletManager extends BaseBlockletManager {
 
       preDownloadLock.release();
 
-      const { isCancelled } = await this._downloadBlocklet(blocklet, oldBlocklet);
+      const { isCancelled } = await this._downloadBlocklet(blocklet, oldBlocklet, context);
 
       if (isCancelled) {
         logger.info('Download was canceled manually', { name, did, version });
@@ -1624,7 +1674,21 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
-  async _installFromStore({ did, registry, sync }, context) {
+  /**
+   ***
+   *
+   * @param {{
+   *  did: string;
+   *  registry: string;
+   *  sync: boolean;
+   * }} params
+   * @param {*} context
+   * @return {*}
+   * @memberof BlockletManager
+   */
+  async _installFromStore(params, context) {
+    const { did, registry, sync } = params;
+
     logger.debug('start install blocklet', { did });
     if (!isValidDid(did)) {
       throw new Error('Blocklet did is invalid');
@@ -1642,8 +1706,6 @@ class BlockletManager extends BaseBlockletManager {
       throw new Error('Can not install an already installed blocklet');
     }
 
-    verifyPurchase(meta, context);
-
     // install
     return this._install({
       meta,
@@ -1654,7 +1716,20 @@ class BlockletManager extends BaseBlockletManager {
     });
   }
 
-  async _installFromUrl({ url, sync }, context) {
+  /**
+   *
+   *
+   * @param {{
+   *  url: string;
+   *  sync: boolean;
+   * }} params
+   * @param {{}} context
+   * @return {*}
+   * @memberof BlockletManager
+   */
+  async _installFromUrl(params, context) {
+    const { url, sync } = params;
+
     logger.debug('start install blocklet', { url });
 
     const { inStore, registryUrl, blockletDid } = await parseSourceUrl(url);
@@ -1695,7 +1770,17 @@ class BlockletManager extends BaseBlockletManager {
     });
   }
 
-  async _installComponentFromUrl({ rootDid, mountPoint, url, context, title, name: inputName, did: inputDid }) {
+  async _installComponentFromUrl({
+    rootDid,
+    mountPoint,
+    url,
+    context,
+    title,
+    name: inputName,
+    did: inputDid,
+    configs,
+    downloadToken,
+  }) {
     const blocklet = await this._getBlockletForInstallation(rootDid);
     if (!blocklet) {
       throw new Error('Root blocklet does not exist');
@@ -1703,12 +1788,28 @@ class BlockletManager extends BaseBlockletManager {
 
     const meta = await getBlockletMetaFromUrl(url);
 
+    // 如果是一个付费的blocklet,需要携带token才能下载成功
+    if (!isFreeBlocklet(meta)) {
+      const info = await states.node.read();
+
+      // eslint-disable-next-line no-param-reassign
+      context = {
+        ...context,
+        headers: {
+          'x-server-did': info.did,
+          'x-download-token': downloadToken,
+          'x-server-publick-key': info.pk,
+          'x-server-signature': sign(info.did, info.sk, {
+            exp: (Date.now() + 5 * 60 * 1000) / 1000,
+          }),
+        },
+      };
+    }
+
     if (!isComponentBlocklet(meta)) {
       throw new Error('The blocklet cannot be a component');
     }
 
-    verifyPurchase(meta, context);
-
     if (title) {
       meta.title = await titleSchema.validateAsync(title);
     }
@@ -1724,26 +1825,41 @@ class BlockletManager extends BaseBlockletManager {
       did = found.did;
     }
 
-    const newChildren = [
-      {
-        meta: ensureMeta(meta, { did, name }),
-        mountPoint,
-        bundleSource: { url },
-        dynamic: true,
-        children: await parseChildrenFromMeta(meta, { ...context, ancestors: [{ mountPoint }] }),
-      },
-    ];
+    const newChild = {
+      meta: ensureMeta(meta, { did, name }),
+      mountPoint,
+      bundleSource: { url },
+      dynamic: true,
+      children: await parseChildrenFromMeta(meta, { ...context, ancestors: [{ mountPoint }] }),
+    };
 
-    checkDuplicateComponents([...blocklet.children, ...newChildren]);
+    checkDuplicateComponents([...blocklet.children, newChild]);
 
-    // add component to db
-    await states.blocklet.addChildren(rootDid, newChildren);
-    await this._upsertDynamicNavigation(blocklet.meta.did, newChildren[0]);
+    try {
+      // add component to db
+      await states.blocklet.addChildren(rootDid, [newChild]);
+
+      // update navigation
+      await this._upsertDynamicNavigation(blocklet.meta.did, newChild);
+
+      // update configs
+      if (Array.isArray(configs)) {
+        if (hasReservedKey(configs)) {
+          throw new Error('Component key of environments can not start with `ABT_NODE_` or `BLOCKLET_`');
+        }
+
+        await states.blockletExtras.setConfigs([blocklet.meta.did, newChild.meta.did], configs);
+      }
+    } catch (err) {
+      logger.error('Add component failed', err);
+      await this._rollback('upgrade', rootDid, blocklet);
+      throw err;
+    }
 
     return this.updateChildren(
       {
         did: rootDid,
-        children: [...blocklet.children, ...newChildren],
+        children: [...blocklet.children, newChild],
         oldBlocklet: blocklet,
       },
       context
@@ -2033,50 +2149,15 @@ class BlockletManager extends BaseBlockletManager {
       throw new Error('the blocklet is not installed');
     }
 
-    const { bundleDid } = blocklet.meta;
-
-    let versions = this.cachedBlockletVersions.get(did);
-
-    if (!versions) {
-      const { blockletRegistryList } = await states.node.read();
-      const tasks = blockletRegistryList.map((registry) =>
-        this.registry
-          .getBlockletMeta({ did: bundleDid, registryUrl: registry.url })
-          .then((item) => ({ did, version: item.version, registryUrl: registry.url }))
-          .catch((error) => {
-            if (error.response && error.response.status === 404) {
-              return;
-            }
-            logger.error('get blocklet meta from registry failed', { did, error });
-          })); // prettier-ignore
-
-      versions = await Promise.all(tasks);
-      this.cachedBlockletVersions.set(did, versions);
-    }
-
-    versions = versions.filter((item) => item && semver.gt(item.version, version));
-
-    if (versions.length === 0) {
-      return null;
-    }
-
-    // When new version found from the store where the blocklet was installed from, we should use that store first
     if (blocklet.source === BlockletSource.registry && blocklet.deployedFrom) {
-      const latestFromSameRegistry = versions.find((x) => x.registryUrl === blocklet.deployedFrom);
-      if (latestFromSameRegistry) {
-        return latestFromSameRegistry;
-      }
+      return this._getLatestBlockletVersionFromStore({ blocklet, version });
     }
 
-    // Otherwise try upgrading from other store
-    let latestBlockletVersion = versions[0];
-    versions.forEach((item) => {
-      if (semver.lt(latestBlockletVersion.version, item.version)) {
-        latestBlockletVersion = item;
-      }
-    });
+    if (blocklet.source === BlockletSource.url && blocklet.deployedFrom) {
+      return this._getLatestBlockletVersionFromUrl({ blocklet, version });
+    }
 
-    return latestBlockletVersion;
+    return null;
   }
 
   getCrons() {
@@ -2132,7 +2213,22 @@ class BlockletManager extends BaseBlockletManager {
       .filter((x) => (skipDeleted ? x.status !== BlockletStatus.deleted : true));
   }
 
-  async _install({ meta, source, deployedFrom, context, sync }) {
+  /**
+   *
+   *
+   * @param {{
+   *  meta: {}; // blocklet meta
+   *  source: number; // example: BlockletSource.registry,
+   *  deployedFrom: string;
+   *  context: {}
+   *  sync: boolean = false;
+   * }} params
+   * @return {*}
+   * @memberof BlockletManager
+   */
+  async _install(params) {
+    const { meta, source, deployedFrom, context, sync } = params;
+
     validateBlockletMeta(meta, { ensureDist: true });
 
     const { name, did, version } = meta;
@@ -2141,6 +2237,7 @@ class BlockletManager extends BaseBlockletManager {
 
     const children = await this._getChildrenForInstallation(meta);
     try {
+      // 创建一个blocklet到database
       const blocklet = await states.blocklet.addBlocklet({
         meta,
         source,
@@ -2157,7 +2254,15 @@ class BlockletManager extends BaseBlockletManager {
       const blocklet1 = await states.blocklet.setBlockletStatus(did, BlockletStatus.waiting);
       this.emit(BlockletEvents.added, blocklet1);
 
-      // download
+      /** @type {{
+       *  blocklet: any;
+       *  oldBlocklet: {
+       *    children: any[];
+       *    extraState: any;
+       *  };
+       *  context: {};
+       *  postAction: string
+       * }} */
       const downloadParams = {
         blocklet: { ...blocklet1 },
         oldBlocklet: {
@@ -2220,6 +2325,13 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
+  /**
+   *
+   *
+   * @param {{}} { meta, source, deployedFrom, context, sync }
+   * @return {*}
+   * @memberof BlockletManager
+   */
   async _upgrade({ meta, source, deployedFrom, context, sync }) {
     validateBlockletMeta(meta, { ensureDist: meta.group !== BlockletGroup.gateway });
 
@@ -2242,6 +2354,26 @@ class BlockletManager extends BaseBlockletManager {
 
     this.emit(BlockletEvents.statusChange, newBlocklet);
 
+    // 如果是一个付费的blocklet,需要携带token才能下载成功
+    if (!isFreeBlocklet(meta)) {
+      const blocklet = await states.blocklet.getBlocklet(did);
+
+      const info = await states.node.read();
+
+      // eslint-disable-next-line no-param-reassign
+      context = {
+        ...context,
+        headers: {
+          'x-server-did': info.did,
+          'x-download-token': blocklet?.tokens?.paidBlockletDownloadToken,
+          'x-server-publick-key': info.pk,
+          'x-server-signature': sign(info.did, info.sk, {
+            exp: (Date.now() + 5 * 60 * 1000) / 1000,
+          }),
+        },
+      };
+    }
+
     // download
     const downloadParams = {
       oldBlocklet: { ...oldBlocklet },
@@ -2255,7 +2387,6 @@ class BlockletManager extends BaseBlockletManager {
       await this.onDownload({ ...downloadParams, throwOnError: true });
       return states.blocklet.getBlocklet(did);
     }
-
     const ticket = this.installQueue.push(
       {
         entity: 'blocklet',
@@ -2469,6 +2600,14 @@ class BlockletManager extends BaseBlockletManager {
       // Update dynamic component meta in blocklet settings
       await this._ensureDynamicChildrenInSettings(blocklet);
 
+      if (context?.headers?.['x-download-token']) {
+        await states.blocklet.updateBlocklet(did, {
+          tokens: {
+            paidBlockletDownloadToken: context.headers['x-download-token'],
+          },
+        });
+      }
+
       states.notification.create({
         title: 'Blocklet Installed',
         description: `Blocklet ${meta.name}@${meta.version} is installed successfully. (Source: ${
@@ -2657,11 +2796,23 @@ class BlockletManager extends BaseBlockletManager {
   }
 
   /**
-   * for download: cwd, tarball, did
-   * for verify: verify, integrity
-   * for cancel control: ctrlStore, rootDid
+   *
+   *
+   * @param {{
+   *   url: string,
+   *   cwd: string,
+   *   tarball: string,
+   *   did: string,
+   *   integrity: string,
+   *   verify: boolean = true,
+   *   ctrlStore: {},
+   *   rootDid: string,
+   *   context: {} = {},
+   * }} { url, cwd, tarball, did, integrity, verify = true, ctrlStore = {}, rootDid, context = {} }
+   * @return {*}
+   * @memberof BlockletManager
    */
-  async _downloadTarball({ url, cwd, tarball, did, integrity, verify = true, ctrlStore = {}, rootDid }) {
+  async _downloadTarball({ url, cwd, tarball, did, integrity, verify = true, ctrlStore = {}, rootDid, context = {} }) {
     fs.mkdirSync(cwd, { recursive: true });
 
     const tarballName = url.split('/').slice(-1)[0];
@@ -2673,7 +2824,7 @@ class BlockletManager extends BaseBlockletManager {
     const cachedTarFile = await this._getCachedTarFile(integrity);
     if (cachedTarFile) {
       logger.info('found cache tarFile', { did, tarballName, integrity });
-      await fs.move(cachedTarFile, tarballPath);
+      await fs.move(cachedTarFile, tarballPath, { overwrite: true });
     } else if (protocol.startsWith('file')) {
       await fs.copy(decodeURIComponent(pathname), tarballPath);
     } else {
@@ -2684,7 +2835,7 @@ class BlockletManager extends BaseBlockletManager {
       }
       ctrlStore[rootDid].set(did, cancelCtrl);
 
-      await downloadFile(url, path.join(cwd, tarballName), { cancelCtrl });
+      await downloadFile(url, path.join(cwd, tarballName), { cancelCtrl }, context);
 
       if (ctrlStore[rootDid]) {
         ctrlStore[rootDid].delete(did);
@@ -2773,12 +2924,16 @@ class BlockletManager extends BaseBlockletManager {
   }
 
   /**
-   * download bundle, verify bundle, resolve bundle to installDir
-   * @param {object} meta
-   * @param {string} rootDid root blocklet did of the blocklet to be downloaded
-   * @return {object} { isCancelled: Boolean }
+   *
+   *
+   * @param {*} meta
+   * @param {*} rootDid
+   * @param {*} url
+   * @param {{}} [context={}]
+   * @return {*}
+   * @memberof BlockletManager
    */
-  async _downloadBundle(meta, rootDid, url) {
+  async _downloadBundle(meta, rootDid, url, context = {}) {
     const { bundleName: name, bundleDid: did, version, dist = {} } = meta;
     const { tarball, integrity } = dist;
 
@@ -2806,6 +2961,7 @@ class BlockletManager extends BaseBlockletManager {
         ctrlStore: this.downloadCtrls,
         rootDid,
         url,
+        context,
       });
       logger.info('downloaded blocklet tar file', { name, version, tarballPath });
       if (tarballPath === downloadFile.CANCEL) {
@@ -2826,7 +2982,16 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
-  async _downloadBlocklet(blocklet, oldBlocklet = {}) {
+  /**
+   *
+   *
+   * @param {{}} blocklet
+   * @param {{}} [oldBlocklet={}]
+   * @param {{}} [context={}]
+   * @return {*}
+   * @memberof BlockletManager
+   */
+  async _downloadBlocklet(blocklet, oldBlocklet = {}, context = {}) {
     const {
       meta: { name, did },
     } = blocklet;
@@ -2880,7 +3045,7 @@ class BlockletManager extends BaseBlockletManager {
           tarball: get(meta, 'dist.tarball'),
           registryUrl: blocklet.source === BlockletSource.registry ? blocklet.deployedFrom : undefined,
         });
-        tasks.push(this._downloadBundle(meta, did, url));
+        tasks.push(this._downloadBundle(meta, did, url, context));
       }
       const results = await Promise.all(tasks);
       if (results.find((x) => x.isCancelled)) {
@@ -2976,6 +3141,9 @@ class BlockletManager extends BaseBlockletManager {
     const logsDir = path.join(this.dataDirs.logs, name);
     const cacheDir = path.join(this.dataDirs.cache, name);
 
+    // Cleanup db
+    await this.teamManager.deleteTeam(blocklet.meta.did);
+
     // Cleanup disk storage
     fs.removeSync(cacheDir);
     if (keepData === false) {
@@ -3068,6 +3236,78 @@ class BlockletManager extends BaseBlockletManager {
 
     return blocklet;
   }
+
+  async _getLatestBlockletVersionFromStore({ blocklet, version }) {
+    const { did, bundleDid } = blocklet.meta;
+
+    let versions = this.cachedBlockletVersions.get(did);
+
+    if (!versions) {
+      const { blockletRegistryList } = await states.node.read();
+      const tasks = blockletRegistryList.map((registry) =>
+        this.registry
+          .getBlockletMeta({ did: bundleDid, registryUrl: registry.url })
+          .then((item) => ({ did, version: item.version, registryUrl: registry.url }))
+          .catch((error) => {
+            if (error.response && error.response.status === 404) {
+              return;
+            }
+            logger.error('get blocklet meta from registry failed', { did, error });
+          })); // prettier-ignore
+
+      versions = await Promise.all(tasks);
+      this.cachedBlockletVersions.set(did, versions);
+    }
+
+    versions = versions.filter((item) => item && semver.gt(item.version, version));
+
+    if (versions.length === 0) {
+      return null;
+    }
+
+    // When new version found from the store where the blocklet was installed from, we should use that store first
+    if (blocklet.source === BlockletSource.registry && blocklet.deployedFrom) {
+      const latestFromSameRegistry = versions.find((x) => x.registryUrl === blocklet.deployedFrom);
+      if (latestFromSameRegistry) {
+        return latestFromSameRegistry;
+      }
+    }
+
+    // Otherwise try upgrading from other store
+    let latestBlockletVersion = versions[0];
+    versions.forEach((item) => {
+      if (semver.lt(latestBlockletVersion.version, item.version)) {
+        latestBlockletVersion = item;
+      }
+    });
+
+    return latestBlockletVersion;
+  }
+
+  async _getLatestBlockletVersionFromUrl({ blocklet, version }) {
+    const { did } = blocklet.meta;
+
+    let versions = this.cachedBlockletVersions.get(did);
+
+    if (!versions) {
+      try {
+        const item = await getBlockletMetaFromUrl(blocklet.deployedFrom);
+        versions = [{ did, version: item.version }];
+      } catch (error) {
+        logger.error('get blocklet meta from url failed when checking latest version', { did, error });
+        versions = [];
+      }
+    }
+
+    this.cachedBlockletVersions.set(did, versions);
+    versions = versions.filter((item) => item && semver.gt(item.version, version));
+
+    if (versions.length === 0) {
+      return null;
+    }
+
+    return versions[0];
+  }
 }
 
 module.exports = BlockletManager;

package/lib/index.js

@@ -117,6 +117,7 @@ function ABTNode(options) {
     maintainerEmail: DEFAULT_CERTIFICATE_EMAIL,
     dataDir: dataDirs.certManagerModule,
   });
+
   const routerManager = new RouterManager({ certManager });
   const routingSnapshot = new RoutingSnapshot({
     baseDir: dataDirs.core,
@@ -126,13 +127,18 @@ function ABTNode(options) {
       return { sites };
     },
   });
+
   const blockletRegistry = new BlockletRegistry();
+
+  const teamManager = new TeamManager({ nodeDid: options.nodeDid, dataDirs, states });
+
   const blockletManager = new BlockletManager({
     dataDirs,
     startQueue,
     installQueue,
     registry: blockletRegistry,
     daemon: options.daemon,
+    teamManager,
   });
   blockletManager.setMaxListeners(0);
 
@@ -156,7 +162,6 @@ function ABTNode(options) {
     getRouterProvider,
   } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager });
 
-  const teamManager = new TeamManager({ nodeDid: options.nodeDid, dataDirs, states });
   const nodeAPI = new NodeAPI(states.node, blockletRegistry);
   const teamAPI = new TeamAPI({ states, teamManager });
 
@@ -272,6 +277,7 @@ function ABTNode(options) {
     // Account
     getUsers: teamAPI.getUsers.bind(teamAPI),
     getUsersCount: teamAPI.getUsersCount.bind(teamAPI),
+    getUsersCountPerRole: teamAPI.getUsersCountPerRole.bind(teamAPI),
     getUser: teamAPI.getUser.bind(teamAPI),
     getOwner: teamAPI.getOwner.bind(teamAPI),
     getNodeUsers: () => teamAPI.getUsers({ teamDid: options.nodeDid }),

package/lib/router/index.js

@@ -95,19 +95,16 @@ class Router {
   }
 
   async updateRoutingTable() {
+    logger.info('update routing table');
+
     const { sites, certificates, headers = {}, services = [], nodeInfo = {} } = (await this.getRoutingParams()) || {};
     if (!Array.isArray(sites)) {
       logger.error('sites is not an array', { sites });
       return;
     }
 
-    logger.info('updateRoutingTable sites:', { sites });
-
     this.routingTable = getRoutingTable({ sites, nodeInfo });
 
-    logger.info('updateRoutingTable routingTable:', { routingTable: this.routingTable });
-    logger.info('updateRoutingTable certificates:', { certificates: certificates.map((item) => item.domain) });
-
     const requestLimit = nodeInfo.routing.requestLimit || { enable: false, rate: GATEWAY_REQ_LIMIT.min };
     if (requestLimit.enabled) {
       requestLimit.maxInstantRate = requestLimit.rate >= 20 ? 20 : requestLimit.rate + 20;

package/lib/states/user.js

@@ -1,3 +1,5 @@
+const pickBy = require('lodash/pickBy');
+
 const logger = require('@abtnode/logger')('@abtnode/core:states:user');
 const { PASSPORT_STATUS } = require('@abtnode/constant');
 const BaseState = require('./base');
@@ -7,6 +9,8 @@ const fixPassports = (doc) => {
   doc.passports = (doc.passports || []).filter((x) => x.id);
 };
 
+const isNullOrUndefined = (x) => x === undefined || x === null;
+
 class User extends BaseState {
   constructor(baseDir, options = {}) {
     super(baseDir, { filename: 'user.db', ...options });
@@ -85,13 +89,45 @@ class User extends BaseState {
     return doc;
   }
 
-  async getUsers() {
-    const docs = await super.find();
-    if (docs) {
-      docs.forEach(fixPassports); // backward compatible
+  async getUsers({ query, sort, paging: inputPaging } = {}) {
+    const { approved, role, search } = query || {};
+
+    // make query param
+    const queryParam = {};
+
+    if (!isNullOrUndefined(approved)) {
+      queryParam.approved = !!approved;
+    }
+
+    if (search) {
+      queryParam.$or = [{ fullName: search }, { did: search }];
+    }
+
+    if (role && role !== '$all') {
+      if (role === '$none') {
+        queryParam.passports = { $size: 0 };
+      } else {
+        queryParam.passports = { $elemMatch: { name: role, status: PASSPORT_STATUS.VALID } };
+      }
+    }
+
+    const sortParam = pickBy(sort, (x) => !isNullOrUndefined(x));
+
+    if (!Object.keys(sortParam).length) {
+      sortParam.createdAt = -1;
+    }
+
+    // get data
+    const { list, paging } = await this.paginate(queryParam, sortParam, inputPaging);
+
+    if (list) {
+      list.forEach(fixPassports); // backward compatible
     }
 
-    return docs;
+    return {
+      list,
+      paging,
+    };
   }
 
   async getUser(did) {

package/lib/team/manager.js

@@ -17,6 +17,18 @@ const { isCLI } = require('../util');
 
 const rbacCreationLock = new Lock('rbac-creation-lock');
 
+const closeDatabase = async (db) =>
+  new Promise((resolve, reject) => {
+    db.closeDatabase((err) => {
+      if (err) {
+        reject(err);
+        return;
+      }
+
+      resolve();
+    });
+  });
+
 class TeamManager extends EventEmitter {
   constructor({ nodeDid, dataDirs, states }) {
     super();
@@ -48,10 +60,6 @@ class TeamManager extends EventEmitter {
       });
     });
 
-    this.states.blocklet.on('remove', ({ meta: { did } }) => {
-      this.cache[did] = null;
-    });
-
     // init blocklet
     this.states.blocklet
       .getBlocklets()
@@ -280,6 +288,28 @@ class TeamManager extends EventEmitter {
     return owner;
   }
 
+  async deleteTeam(did) {
+    if (this.cache[did]) {
+      try {
+        if (this.cache[did].rbac) {
+          await closeDatabase(this.cache[did].rbac.storage.db);
+        }
+
+        if (this.cache[did].user) {
+          await closeDatabase(this.cache[did].user.db);
+        }
+
+        if (this.cache[did].session) {
+          await closeDatabase(this.cache[did].session.db);
+        }
+      } catch (err) {
+        logger.error('Failed to close database', { did, err });
+      }
+    }
+
+    this.cache[did] = null;
+  }
+
   // =======
   // Private
   // =======

package/lib/util/blocklet.js

@@ -44,7 +44,6 @@ const getBlockletInfo = require('@blocklet/meta/lib/info');
 const { validateMeta, fixAndValidateService } = require('@blocklet/meta/lib/validate');
 const {
   forEachBlocklet,
-  isFreeBlocklet,
   getDisplayName,
   findWebInterface,
   forEachBlockletSync,
@@ -338,7 +337,8 @@ const getRuntimeEnvironments = (blocklet, nodeEnvironments, ancestors) => {
   };
 };
 
-const isUsefulError = (err) => err && err.message !== 'process or namespace not found';
+const isUsefulError = (err) =>
+  err && err.message !== 'process or namespace not found' && !/^Process \d+ not found$/.test(err.message);
 
 const getHealthyCheckTimeout = (blocklet, { checkHealthImmediately } = {}) => {
   let minConsecutiveTime = 5000;
@@ -724,8 +724,6 @@ const parseChildrenFromMeta = async (src, context = {}) => {
 
     validateBlockletMeta(m, { ensureDist: true });
 
-    verifyPurchase(m, context);
-
     if (!isComponentBlocklet(m)) {
       throw new Error(`The blocklet cannot be a component: ${m.title}`);
     }
@@ -1227,18 +1225,6 @@ const needBlockletDownload = (blocklet, oldBlocklet) => {
   return !(get(oldBlocklet, 'meta.dist.integrity') === get(blocklet, 'meta.dist.integrity'));
 };
 
-const verifyPurchase = (meta, opts = {}) => {
-  if (opts.blockletPurchaseVerified) {
-    return true;
-  }
-
-  if (isFreeBlocklet(meta)) {
-    return true;
-  }
-
-  throw new Error('Can not install a non-free blocklet directly');
-};
-
 const findAvailableDid = (meta, siblings) => {
   const reg = /-(\d+)$/;
   const match = reg.exec(meta.name);
@@ -1316,7 +1302,6 @@ module.exports = {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
-  verifyPurchase,
   findAvailableDid,
   ensureMeta,
   getSourceUrlsFromConfig,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.7.25",
+  "version": "1.8.0",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,30 +19,31 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/certificate-manager": "1.7.25",
-    "@abtnode/constant": "1.7.25",
-    "@abtnode/cron": "1.7.25",
-    "@abtnode/db": "1.7.25",
-    "@abtnode/logger": "1.7.25",
-    "@abtnode/queue": "1.7.25",
-    "@abtnode/rbac": "1.7.25",
-    "@abtnode/router-provider": "1.7.25",
-    "@abtnode/static-server": "1.7.25",
-    "@abtnode/timemachine": "1.7.25",
-    "@abtnode/util": "1.7.25",
-    "@arcblock/did": "^1.16.15",
+    "@abtnode/certificate-manager": "1.8.0",
+    "@abtnode/constant": "1.8.0",
+    "@abtnode/cron": "1.8.0",
+    "@abtnode/db": "1.8.0",
+    "@abtnode/logger": "1.8.0",
+    "@abtnode/queue": "1.8.0",
+    "@abtnode/rbac": "1.8.0",
+    "@abtnode/router-provider": "1.8.0",
+    "@abtnode/static-server": "1.8.0",
+    "@abtnode/timemachine": "1.8.0",
+    "@abtnode/util": "1.8.0",
+    "@arcblock/did": "1.17.0",
     "@arcblock/did-motif": "^1.1.10",
-    "@arcblock/did-util": "^1.16.15",
-    "@arcblock/event-hub": "1.16.15",
+    "@arcblock/did-util": "1.17.0",
+    "@arcblock/event-hub": "1.17.0",
+    "@arcblock/jwt": "^1.17.0",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "^1.16.15",
-    "@blocklet/meta": "1.7.25",
+    "@arcblock/vc": "1.17.0",
+    "@blocklet/meta": "1.8.0",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.2.2",
     "@nedb/multi": "^1.2.2",
-    "@ocap/mcrypto": "^1.16.15",
-    "@ocap/util": "^1.16.15",
-    "@ocap/wallet": "^1.16.15",
+    "@ocap/mcrypto": "1.17.0",
+    "@ocap/util": "1.17.0",
+    "@ocap/wallet": "1.17.0",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.27.2",
     "axon": "^2.0.3",
@@ -80,5 +81,5 @@
     "express": "^4.17.1",
     "jest": "^27.4.5"
   },
-  "gitHead": "a500728739278c8a9464cf631a811ddfc4838fad"
+  "gitHead": "6446a85fb33721abc24bb1045d59158e6b96c241"
 }